Re: (ITS#5580) BER Decoding Remote DoS Vulnerability

26 Jun 2008


      Howard Chu wrote:
...
zdi-disclosures@tippingpoint.com wrote:
...
Full_Name: Cameron Hotchkies
Version: 2.3.41
OS: Gentoo Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (66.179.208.36)
This vulnerability allows remote attackers to deny services on vulnerable
installations of OpenLDAP. Authentication is not required to exploit this
vulnerability.
Thanks for the report, a fix is now in HEAD. Please test.
For future reference, it looks like this may have crept in in 2001, rev 
1.88/ITS#2465...
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#5580) BER Decoding Remote DoS Vulnerability